I have an existing IPsec VPN tunnel set up between two sites using NetVanta 3458 routers. How can I port forward traffic from one site to the other over the VPN tunnel?
Site A ext IP: 1.2.3.4, int IP: 192.168.1.1
Site B: ext IP: 2.3.4.5, int IP: 192.168.2.1
Site B server: 192.168.2.2
Traffic flows without problems between the 192.168.1.0 and 192.168.2.0 subnets, and I can forward the traffic entering on Site A's external IP to any server in Site A without problems.
But I would like to forward all traffic on port 443 coming in on Site A's external IP (1.2.3.4) over the VPN tunnel to the Site B server (192.168.2.2). I've tried creating a policy on Site A's router to forward port 443 directly to the Site B server at 192.168.2.2. I've also tried creating a policy on Site A's router to forward port 443 to the Site B router's internal IP (192.168.2.1) and then setting a policy on Site B's router to forward all traffic to the Site B server. Neither of those worked.
Any help would be appreciated.
Suki,
Thanks for posting your question on the forum!
First, you will need to modify the VPN selectors to reflect traffic that will be sourced from the Internet on port 443 and destined for the Site B server (192.168.2.2). This will allow this traffic to traverse the VPN tunnel.
Site A:
permit tcp any host 192.168.2.2 eq 443
Site B:
permit tcp host 192.168.2.2 eq 443 any
On Site A, you will then need to modify the access-policy assigned to the WAN interface so that the port-forward can take place:
ip access-list extended PortFwd
  permit tcp any host 1.2.3.4 eq 443
ip policy-class WAN
  nat destination list PortFwd address 192.168.2.2
I have not seen your configuration, but you will want to be careful about the order of the rules on the WAN policy-class to be sure that it is not ignored because of a rule listed above it.
Please do not hesitate to let us know if you have any questions.
Thanks,
Noor
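To show how the pieces in the answer above fit together with the rest of a typical NetVanta configuration, here is an added illustration of both routers' relevant sections. It is not the poster's or ADTRAN's configuration and has not been taken from a running device. The only items from the thread are the addresses, the WAN policy-class name "WAN", the access-list name "PortFwd" and the selector lines; the selector list name "VPN-10-vpn-selectors", the crypto map name "VPN", the Site B LAN policy-class name "Private", the NAT list name "NAT-Internet" and the interface "eth 0/1" are assumed placeholders, and lines beginning with "!" are comments for the reader.

```text
! ===== Site A (WAN 1.2.3.4, LAN 192.168.1.1) =====
! Added example; names marked "assumed" are placeholders, not from the thread.
!
! Selector list (name assumed): the existing LAN-to-LAN rule stays,
! the new rule lets Internet-sourced HTTPS to the Site B server enter the tunnel.
ip access-list extended VPN-10-vpn-selectors
  permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
  permit tcp any host 192.168.2.2 eq 443
!
! Match list for the port forward (from the answer above).
ip access-list extended PortFwd
  permit tcp any host 1.2.3.4 eq 443
!
! WAN policy-class: rules are evaluated top-down, first match wins, so the
! port forward is placed before any rule that could also match inbound 443.
ip policy-class WAN
  nat destination list PortFwd address 192.168.2.2
  allow reverse list VPN-10-vpn-selectors stateless
!
! Crypto map (name assumed). Only the selector list it references changed;
! the existing transform-set and IKE policy settings are left as they are.
crypto map VPN 10 ipsec-ike
  match address VPN-10-vpn-selectors
  set peer 2.3.4.5

! ===== Site B (WAN 2.3.4.5, LAN 192.168.2.1, server 192.168.2.2) =====
!
! Mirror of Site A's selectors: replies from the server's port 443 to any
! client address must be sent back through the tunnel.
ip access-list extended VPN-10-vpn-selectors
  permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit tcp host 192.168.2.2 eq 443 any
!
! LAN policy-class (name assumed): the selector "allow" must sit above the
! Internet overload NAT, otherwise the server's replies are NATed to 2.3.4.5
! and sent straight out the WAN instead of into the tunnel.
ip policy-class Private
  allow list VPN-10-vpn-selectors stateless
  nat source list NAT-Internet interface eth 0/1 overload
!
crypto map VPN 10 ipsec-ike
  match address VPN-10-vpn-selectors
  set peer 1.2.3.4
```

Two things to check after applying something like this: on Site A, `show ip policy-sessions` (or the equivalent policy-class counters) should show the inbound 443 session being translated to 192.168.2.2 rather than hitting an earlier rule, and on Site B the selector hit counts should rise when a test client connects to 1.2.3.4:443. Also note what the Site B selector implies: every reply from 192.168.2.2 port 443, whatever the destination, is now carried through the tunnel to Site A, so the server should not also be published on port 443 directly through Site B's own WAN address.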